Re: chain-overlay question

[Markus Krause]

Zitat von Pierangelo Masarati <[EMAIL PROTECTED]>:
my slapd.conf now looks like (now in more detail, just cleaned up):
--- slapd.conf
...
modulepath      /usr/lib/openldap/modules
moduleload      smbk5pwd.so
sizelimit unlimited
acl ...
TLSstuff ...
#### chain overlay definition
overlay chain
chain-rebind-as-user    FALSE
chain-uri       "ldaps://ldapprov"
chain-rebind-as-user    TRUE
chain-idassert-bind     bindmethod="simple"
                       binddn="cn=manager,o=test"
                       credentials="secret"
                       mode="self"
database bdb
suffix "o=test"
directory /var/lib/ldap/
rootdn "cn=manager,o=test"
rootpw "secret"
index objectClass,uidNumber,gidNumber eq
index member,mail eq,pres
index cn,displayname,uid,sn,givenname sub,eq,pres
index sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
index entryCSN,entryUUID eq
index dhcpHWAddress eq,pres
index relativeDomainName eq,pres
index ipHostNumber eq,pres
index zoneName eq,pres
index radiusGroupName eq,pres

syncrepl rid=13
       provider=ldaps://ldapprov
       type=refreshAndPersist
       retry=1,5,5,6,30,+
       interval=00:00:00:30
       searchbase="o=test"
       filter="(objectclass=*)"
       scope=sub
       attrs="*"
       schemachecking=off
       binddn="cn=manager,o=test"
       bindmethod=simple
       credentials="secret"
       sizelimit=unlimited
updateref ldaps://ldapprov

overlay syncprov
overlay smbk5pwd
smbk5pwd-enable samba
--- end of slapd.conf

To me, it looks just fine.


In the meanwhile, I'd check your configuration by using a less
challenging write operation (like a modify).

i just tried an "ldapadd" and get:
---
ldapadd -x -h localhost -D "cn=manager,o=test" -W -f testuser.ldif
Enter LDAP Password:
adding new entry "uid=testuser,ou=People,o=test
ldap_add: Referral (10)
        referrals:
                ldaps://ldapprov/uid=testuser,ou=People,o=test
---

actually i thought that the consumer (on localhost) with slapo-chain  
should send the "change command" to the provider without notifying the  
client?

regards
   markus




+-----------------------------------------------------------------+
| Markus Krause, Mogli-Soft                                       |
| Support for Mac OS X, Webmail/Horde, LDAP, RADIUS, MySQL        |
| by order of the                                                 |
|    Computing Center of the Max-Planck-Institute of Biochemistry |
+--------------------------------+--------------------------------+
| E-Mail: [EMAIL PROTECTED]  |  Tel.: 089 - 89 40 85 99       |
|         [EMAIL PROTECTED]  |  Fax.: 089 - 89 40 85 98       |
|  Skype: markus.krause          | iChat: [EMAIL PROTECTED]   |
+--------------------------------+--------------------------------+

----------------------------------------------------------------------
     This message was sent using https://webmail2.biochem.mpg.de
If you encounter any problems please report to [EMAIL PROTECTED]